selinux-policy-targeted-2.0.0-1 is very raw

Nicolas Mailhot nicolas.mailhot at laposte.net
Tue Nov 15 22:16:41 UTC 2005


On Tuesday 15 November 2005 at 16:45 -0500, Christopher J. PeBenito
wrote:
> On Tue, 2005-11-15 at 21:17 +0100, Nicolas Mailhot wrote:
> > Is selinux-policy-targeted-2.0.0-1 really ready for use ? Basic stuff
> > like udev access to /dev/.udevdb and su seems to be blocked
> 
> Can you provide denials from your audit.log?  I can't reproduce these
> problems.

The udev bit is too early to end up in the logs; it flashes by during the
boot messages. Maybe it's not SELinux related, but it looks like it.

Strangely, su works from the console but not from gnome-terminal.

Attached is a full audit.log for the system. Generation process:
- force an autorelabel (touch /.autorelabel)
- reboot
- switch to init 1
- remove /var/log/audit/audit.log
- reboot
- do_stuff (including a failed root login ;))
- copy the resulting audit.log

All the denied accesses in the log can therefore be attributed directly
to the policy. Lots of denied stuff for 2 minutes of system activity
before copying the log.

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audit.log.bz2
Type: application/x-bzip
Size: 3315 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20051115/41d4aca7/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20051115/41d4aca7/attachment-0001.bin 
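
Added example, not part of the original message and not derived from the attached log: one way to triage a freshly generated audit.log like the one described above is to group AVC denials by source domain, target type, class and permission. The log lines and the demo_* type names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the attached log); demo_* types are hypothetical.
SAMPLE = r'''
type=AVC msg=audit(1132092881.101:12): avc:  denied  { read write } for  pid=2301 comm="su" name="0" dev=devpts ino=2 scontext=user_u:system_r:demo_su_t tcontext=user_u:object_r:demo_pty_t tclass=chr_file
type=AVC msg=audit(1132092881.105:13): avc:  denied  { read } for  pid=2301 comm="su" name="0" dev=devpts ino=2 scontext=user_u:system_r:demo_su_t tcontext=user_u:object_r:demo_pty_t tclass=chr_file
type=AVC msg=audit(1132092790.440:5): avc:  denied  { search } for  pid=410 comm="udevd" name=".udevdb" dev=tmpfs ino=977 scontext=system_u:system_r:demo_udev_t:s0 tcontext=system_u:object_r:demo_dev_t:s0 tclass=dir
type=USER_AUTH msg=audit(1132092900.000:21): user pid=2350 uid=0 msg='PAM: authentication acct=root : exe="/bin/login" res=failed'
type=AVC msg=audit(1132092882.300:20): avc:  denied  { getattr } for  pid=2400 comm="su" scontext=user_u:system_r:demo_su_t
'''

AVC_RE = re.compile(r'type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def ctx_type(context):
    """Return the type field of user:role:type[:level]."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def parse_denials(text):
    """Return one dict per complete AVC denial; skip other or truncated records."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
        if not {'scontext', 'tcontext', 'tclass'} <= f.keys():
            continue  # truncated record: not enough to attribute to a rule
        denials.append({'comm': f.get('comm', '?'),
                        'source': ctx_type(f['scontext']),
                        'target': ctx_type(f['tcontext']),
                        'tclass': f['tclass'],
                        'perms': m.group('perms').split()})
    return denials

def summarize(denials):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for d in denials:
        for perm in d['perms']:
            counts[(d['source'], d['target'], d['tclass'], perm)] += 1
    return counts.most_common()

if __name__ == '__main__':
    for (src, tgt, cls, perm), n in summarize(parse_denials(SAMPLE)):
        print(f'{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}')
```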

